From b26f48ecda02b35cc4fdc63d9abe89c0def048c0 Mon Sep 17 00:00:00 2001 From: Noah Overcash Date: Mon, 9 Sep 2024 10:22:36 -0400 Subject: [PATCH 1/4] New GA workflows --- .github/workflows/build-npm-release.yml | 246 ------------------------ .github/workflows/build-npm.yml | 201 ------------------- .github/workflows/ui.yml | 15 ++ 3 files changed, 15 insertions(+), 447 deletions(-) delete mode 100644 .github/workflows/build-npm-release.yml delete mode 100644 .github/workflows/build-npm.yml create mode 100644 .github/workflows/ui.yml diff --git a/.github/workflows/build-npm-release.yml b/.github/workflows/build-npm-release.yml deleted file mode 100644 index b0219d9..0000000 --- a/.github/workflows/build-npm-release.yml +++ /dev/null @@ -1,246 +0,0 @@ -# This workflow will do a clean install of node dependencies, build the source code, -# run unit tests, perform a SonarCloud scan and publish NPM package ONLY on a tagged release. - -# For more information see: -# https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions - -# Common FOLIO configurable env: -# - YARN_TEST_OPTIONS (options to pass to 'yarn test') -# - SQ_ROOT_DIR (root SQ directory to scan relative to top-level directory) -# - PUBLISH_MOD_DESCRIPTOR (boolean 'true' or 'false') -# - COMPILE_TRANSLATION_FILES (boolean 'true' or 'false') -# - -name: buildNPM Release -on: - push: - tags: - - 'v[0-9]+.[0-9]+.[0-9]+*' - workflow_dispatch: - -jobs: - build-npm-release: - if: ${{ startsWith(github.ref, 'refs/tags/v') }} - env: - YARN_TEST_OPTIONS: '' - SQ_ROOT_DIR: '.' - COMPILE_TRANSLATION_FILES: 'false' - PUBLISH_MOD_DESCRIPTOR: 'false' - FOLIO_NPM_REGISTRY: 'https://repository.folio.org/repository/npm-folio/' - FOLIO_NPM_REGISTRY_AUTH: '//repository.folio.org/repository/npm-folio/' - FOLIO_MD_REGISTRY: 'https://folio-registry.dev.folio.org' - NODEJS_VERSION: '18' - JEST_JUNIT_OUTPUT_DIR: 'artifacts/jest-junit' - JEST_COVERAGE_REPORT_DIR: 'artifacts/coverage-jest/lcov-report/' - BIGTEST_JUNIT_OUTPUT_DIR: 'artifacts/runTest' - BIGTEST_COVERAGE_REPORT_DIR: 'artifacts/coverage/lcov-report/' - OKAPI_PULL: '{ "urls" : [ "https://folio-registry.dev.folio.org" ] }' - SQ_LCOV_REPORT: 'artifacts/coverage-jest/lcov.info' - SQ_EXCLUSIONS: '**/platform/alias-service.js,**/docs/**,**/node_modules/**,**/examples/**,**/artifacts/**,**/ci/**,Jenkinsfile,**/LICENSE,**/*.css,**/*.md,**/*.json,**/tests/**,**/stories/*.js,**/test/**,**/.stories.js,**/resources/bigtest/interactors/**,**/resources/bigtest/network/**,**/*-test.js,**/*.test.js,**/*-spec.js,**/karma.conf.js,**/jest.config.js' - - runs-on: ubuntu-latest - steps: - - uses: folio-org/checkout@v2 - with: - fetch-depth: 0 - - # Runs a single command using the runners shell - - name: Print tag info - run: echo "Building release tag, ${GITHUB_REF}" - - - name: Set TAG_VERSION - run: echo "TAG_VERSION=$(echo ${GITHUB_REF#refs/tags/v})" >> $GITHUB_ENV - - - name: Get version from package.json - id: package_version - uses: notiz-dev/github-action-json-property@release - with: - path: 'package.json' - prop_path: 'version' - - - name: Check matching tag and version in package.json - if: ${{ env.TAG_VERSION != steps.package_version.outputs.prop }} - run: | - echo "Tag version, ${TAG_VERSION}, does not match package.json version, ${PACKAGE_VERSION}." - exit 1 - env: - PACKAGE_VERSION: ${{ steps.package_version.outputs.prop }} - - - name: Setup kernel for react native, increase watchers - run: echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODEJS_VERSION }} - check-latest: true - always-auth: true - - - name: Set yarn config - run: yarn config set @folio:registry $FOLIO_NPM_REGISTRY - - - name: Run yarn install - run: yarn install --ignore-scripts - - - name: Run yarn list - run: yarn list --pattern @folio - - - name: Run yarn lint - run: yarn lint - continue-on-error: true - - - name: Run yarn test - run: xvfb-run --server-args="-screen 0 1024x768x24" yarn test $YARN_TEST_OPTIONS - - - name: Run yarn formatjs-compile - if: ${{ env.COMPILE_TRANSLATION_FILES == 'true' }} - run: yarn formatjs-compile - - - name: Generate FOLIO module descriptor - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} - run: yarn build-mod-descriptor - - - name: Print FOLIO module descriptor - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} - run: cat module-descriptor.json - - - name: Read module descriptor - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} - id: moduleDescriptor - uses: juliangruber/read-file-action@v1 - with: - path: ./module-descriptor.json - - - name: Docker registry login - run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login https://docker.io/v2/ -u "${{ secrets.DOCKER_USER }}" --password-stdin - - - name: Start a local instance of Okapi - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} - run: | - docker pull folioorg/okapi:latest - docker run --name okapi -t -detach folioorg/okapi:latest dev - echo "OKAPI_IP=$(docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' okapi)" >> $GITHUB_ENV - sleep 10 - - - name: Pull all Module descriptors to local Okapi instance - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} - uses: fjogeleit/http-request-action@master - with: - url: http://${{ env.OKAPI_IP }}:9130/_/proxy/pull/modules - method: 'POST' - contentType: 'application/json; charset=utf-8' - customHeaders: '{ "Accept": "application/json; charset=utf-8" }' - data: ${{ env.OKAPI_PULL }} - timeout: 60000 - - - name: Perform local Okapi dependency check - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} - uses: fjogeleit/http-request-action@master - with: - url: http://${{ env.OKAPI_IP }}:9130/_/proxy/modules?preRelease=false&npmSnapshot=false - method: 'POST' - contentType: 'application/json; charset=utf-8' - customHeaders: '{ "Accept": "application/json; charset=utf-8" }' - data: ${{ steps.moduleDescriptor.outputs.content }} - - - name: Publish Jest unit test results - uses: docker://ghcr.io/enricomi/publish-unit-test-result-action:v1 - if: always() - with: - github_token: ${{ github.token }} - files: '${{ env.JEST_JUNIT_OUTPUT_DIR }}/*.xml' - check_name: Jest Unit Test Results - comment_mode: update last - comment_title: Jest Unit Test Statistics - - - name: Publish Jest coverage report - uses: actions/upload-artifact@v2 - if: always() - with: - name: jest-coverage-report - path: ${{ env.JEST_COVERAGE_REPORT_DIR }} - retention-days: 30 - - - name: Publish BigTest unit test results - uses: docker://ghcr.io/enricomi/publish-unit-test-result-action:v1 - if: always() - with: - github_token: ${{ github.token }} - files: '${{ env.BIGTEST_JUNIT_OUTPUT_DIR }}/*.xml' - check_name: BigTest Unit Test Results - comment_mode: update last - comment_title: BigTest Unit Test Statistics - - - name: Publish BigTest coverage report - uses: actions/upload-artifact@v2 - if: always() - with: - name: bigtest-coverage-report - path: ${{ env.BIGTEST_COVERAGE_REPORT_DIR }} - retention-days: 30 - - - name: Publish yarn.lock - uses: actions/upload-artifact@v2 - if: failure() - with: - name: yarn.lock - path: yarn.lock - retention-days: 5 - - - name: Set default branch as env variable - run: echo "DEFAULT_BRANCH=${{ github.event.repository.default_branch }}" >> $GITHUB_ENV - - - name: Fetch branches for SonarCloud - run: git fetch --no-tags ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY} +refs/heads/${{ env.DEFAULT_BRANCH }}:refs/remotes/origin/${{ env.DEFAULT_BRANCH }} - - - name: Run SonarCloud scan - uses: sonarsource/sonarcloud-github-action@master - with: - args: > - -Dsonar.organization=folio-org - -Dsonar.projectKey=org.folio:${{ github.event.repository.name }} - -Dsonar.projectName=${{ github.event.repository.name }} - -Dsonar.sources=${{ env.SQ_ROOT_DIR }} - -Dsonar.language=js - -Dsonar.javascript.lcov.reportPaths=${{ env.SQ_LCOV_REPORT }} - -Dsonar.exclusions=${{ env.SQ_EXCLUSIONS }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - - name: Set up NPM environment for publishing - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODEJS_VERSION }} - check-latest: true - always-auth: true - - - name: Set _auth in .npmrc - run: | - npm config set @folio:registry $FOLIO_NPM_REGISTRY - npm config set $FOLIO_NPM_REGISTRY_AUTH:_auth $NODE_AUTH_TOKEN - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - - name: Exclude some CI-generated artifacts in package - run: | - echo ".github" >> .npmignore - echo ".scannerwork" >> .npmignore - cat .npmignore - - - name: Publish NPM to FOLIO NPM registry - run: npm publish - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - - name: Publish module descriptor to FOLIO registry - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} - id: modDescriptorPost - uses: fjogeleit/http-request-action@master - with: - url: ${{ env.FOLIO_MD_REGISTRY }}/_/proxy/modules - method: 'POST' - contentType: 'application/json; charset=utf-8' - customHeaders: '{ "Accept": "application/json; charset=utf-8" }' - data: ${{ steps.moduleDescriptor.outputs.content }} - username: ${{ secrets.FOLIO_REGISTRY_USERNAME }} - password: ${{ secrets.FOLIO_REGISTRY_PASSWORD }} diff --git a/.github/workflows/build-npm.yml b/.github/workflows/build-npm.yml deleted file mode 100644 index 8e7ce6c..0000000 --- a/.github/workflows/build-npm.yml +++ /dev/null @@ -1,201 +0,0 @@ -# This workflow will do a clean install of node dependencies, build the source code, -# run unit tests, perform a Sonarqube scan, and publish NPM artifacts from master/main. - -# For more information see: -# https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions - -# Common FOLIO configurable environment variables to set: -# - YARN_TEST_OPTIONS (options to pass to 'yarn test') -# - SQ_ROOT_DIR (root SQ directory to scan relative to top-level directory) -# - PUBLISH_MOD_DESCRIPTOR (boolean 'true' or 'false') -# - COMPILE_TRANSLATION_FILES (boolean 'true' or 'false') -# - -name: buildNPM Snapshot -on: [push, pull_request] - -jobs: - build-npm: - env: - YARN_TEST_OPTIONS: '' - SQ_ROOT_DIR: '.' - COMPILE_TRANSLATION_FILES: 'false' - PUBLISH_MOD_DESCRIPTOR: 'false' - FOLIO_NPM_REGISTRY: 'https://repository.folio.org/repository/npm-folioci/' - FOLIO_NPM_REGISTRY_AUTH: '//repository.folio.org/repository/npm-folioci/' - FOLIO_MD_REGISTRY: 'https://folio-registry.dev.folio.org' - NODEJS_VERSION: '18' - JEST_JUNIT_OUTPUT_DIR: 'artifacts/jest-junit' - JEST_COVERAGE_REPORT_DIR: 'artifacts/coverage-jest/lcov-report/' - BIGTEST_JUNIT_OUTPUT_DIR: 'artifacts/runTest' - BIGTEST_COVERAGE_REPORT_DIR: 'artifacts/coverage/lcov-report/' - SQ_LCOV_REPORT: 'artifacts/coverage-jest/lcov.info' - SQ_EXCLUSIONS: '**/platform/alias-service.js,**/docs/**,**/node_modules/**,**/examples/**,**/artifacts/**,**/ci/**,Jenkinsfile,**/LICENSE,**/*.css,**/*.md,**/*.json,**/tests/**,**/stories/*.js,**/test/**,**/.stories.js,**/resources/bigtest/interactors/**,**/resources/bigtest/network/**,**/*-test.js,**/*.test.js,**/*-spec.js,**/karma.conf.js,**/jest.config.js' - - runs-on: ubuntu-latest - steps: - - uses: folio-org/checkout@v2 - with: - fetch-depth: 0 - - - name: Setup kernel for react native, increase watchers - run: echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p - - name: Use Node.js - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODEJS_VERSION }} - check-latest: true - always-auth: true - - - name: Set yarn config - run: yarn config set @folio:registry $FOLIO_NPM_REGISTRY - - - name: Set FOLIO NPM snapshot version - run: | - git clone https://github.com/folio-org/folio-tools.git - npm --no-git-tag-version version `folio-tools/github-actions-scripts/folioci_npmver.sh` - rm -rf folio-tools - env: - JOB_ID: ${{ github.run_number }} - - - name: Run yarn install - run: yarn install --ignore-scripts - - - name: Run yarn list - run: yarn list --pattern @folio - - - name: Run yarn why @types/react - run: yarn why @types/react - - - name: Run yarn lint - run: yarn lint - continue-on-error: true - - - name: Run yarn test - run: xvfb-run --server-args="-screen 0 1024x768x24" yarn test $YARN_TEST_OPTIONS - - - name: Run yarn formatjs-compile - if: ${{ env.COMPILE_TRANSLATION_FILES == 'true' }} - run: yarn formatjs-compile - - - name: Generate FOLIO module descriptor - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} - run: yarn build-mod-descriptor - - - name: Print FOLIO module descriptor - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' }} - run: cat module-descriptor.json - - - name: Publish Jest unit test results - uses: docker://ghcr.io/enricomi/publish-unit-test-result-action:v1 - if: always() - with: - github_token: ${{ github.token }} - files: '${{ env.JEST_JUNIT_OUTPUT_DIR }}/*.xml' - check_name: Jest Unit Test Results - comment_mode: update last - comment_title: Jest Unit Test Statistics - - - name: Publish Jest coverage report - uses: actions/upload-artifact@v2 - if: always() - with: - name: jest-coverage-report - path: ${{ env.JEST_COVERAGE_REPORT_DIR }} - retention-days: 30 - - - name: Publish BigTest unit test results - uses: docker://ghcr.io/enricomi/publish-unit-test-result-action:v1 - if: always() - with: - github_token: ${{ github.token }} - files: '${{ env.BIGTEST_JUNIT_OUTPUT_DIR }}/*.xml' - check_name: BigTest Unit Test Results - comment_mode: update last - comment_title: BigTest Unit Test Statistics - - - name: Publish BigTest coverage report - uses: actions/upload-artifact@v2 - if: always() - with: - name: bigtest-coverage-report - path: ${{ env.BIGTEST_COVERAGE_REPORT_DIR }} - retention-days: 30 - - - name: Publish yarn.lock - uses: actions/upload-artifact@v2 - if: failure() - with: - name: yarn.lock - path: yarn.lock - retention-days: 5 - - - name: Set default branch as env variable - run: echo "DEFAULT_BRANCH=${{ github.event.repository.default_branch }}" >> $GITHUB_ENV - - - name: Fetch branches for SonarCloud - run: git fetch --no-tags ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY} +refs/heads/${{ env.DEFAULT_BRANCH }}:refs/remotes/origin/${{ env.DEFAULT_BRANCH }} - - - name: Run SonarCloud scan - uses: sonarsource/sonarcloud-github-action@master - with: - args: > - -Dsonar.organization=folio-org - -Dsonar.projectKey=org.folio:${{ github.event.repository.name }} - -Dsonar.projectName=${{ github.event.repository.name }} - -Dsonar.sources=${{ env.SQ_ROOT_DIR }} - -Dsonar.language=js - -Dsonar.javascript.lcov.reportPaths=${{ env.SQ_LCOV_REPORT }} - -Dsonar.exclusions=${{ env.SQ_EXCLUSIONS }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - - - name: Set up NPM environment for publishing - if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} - uses: actions/setup-node@v3 - with: - node-version: ${{ env.NODEJS_VERSION }} - check-latest: true - always-auth: true - - - name: Set _auth in .npmrc - if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} - run: | - npm config set @folio:registry $FOLIO_NPM_REGISTRY - npm config set $FOLIO_NPM_REGISTRY_AUTH:_auth $NODE_AUTH_TOKEN - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - - name: Exclude some CI-generated artifacts in package - if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} - run: | - echo ".github" >> .npmignore - echo ".scannerwork" >> .npmignore - cat .npmignore - - - name: Publish NPM - if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} - run: npm publish - env: - NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} - - - name: Read module descriptor - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' && github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} - id: moduleDescriptor - uses: juliangruber/read-file-action@v1 - with: - path: ./module-descriptor.json - - - name: Publish module descriptor - if: ${{ env.PUBLISH_MOD_DESCRIPTOR == 'true' && github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} - id: modDescriptorPost - uses: fjogeleit/http-request-action@master - with: - url: ${{ env.FOLIO_MD_REGISTRY }}/_/proxy/modules - method: 'POST' - contentType: 'application/json; charset=utf-8' - customHeaders: '{ "Accept": "application/json; charset=utf-8" }' - data: ${{ steps.moduleDescriptor.outputs.content }} - username: ${{ secrets.FOLIO_REGISTRY_USERNAME }} - password: ${{ secrets.FOLIO_REGISTRY_PASSWORD }} diff --git a/.github/workflows/ui.yml b/.github/workflows/ui.yml new file mode 100644 index 0000000..13d67a5 --- /dev/null +++ b/.github/workflows/ui.yml @@ -0,0 +1,15 @@ +name: Centralized workflow +on: + - push + - pull_request + - workflow_dispatch + +jobs: + ui: + uses: folio-org/.github/.github/workflows/ui.yml@v1 + if: github.ref_name == github.event.repository.default_branch || github.event_name != 'push' + secrets: inherit + with: + # tsc instead of jest, but easiest to run it in the same manner + jest-enabled: true + jest-test-command: yarn test From eddceeb42dc4e570cf26644fac49c0072d25dbc4 Mon Sep 17 00:00:00 2001 From: Noah Overcash Date: Mon, 9 Sep 2024 10:28:39 -0400 Subject: [PATCH 2/4] Sonar/translations config --- .github/workflows/ui.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ui.yml b/.github/workflows/ui.yml index 13d67a5..fea9c0d 100644 --- a/.github/workflows/ui.yml +++ b/.github/workflows/ui.yml @@ -13,3 +13,6 @@ jobs: # tsc instead of jest, but easiest to run it in the same manner jest-enabled: true jest-test-command: yarn test + sonar-sources: . + compile-translations: false + generate-module-descriptor: false From 3f842b093f25baa3c5829e9048ebef872b67fedb Mon Sep 17 00:00:00 2001 From: Noah Overcash Date: Fri, 20 Sep 2024 09:25:53 -0400 Subject: [PATCH 3/4] [STCOR-888] Export RTR constants --- core/index.d.ts | 2 + core/src/components/Root/constants.d.ts | 69 +++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 core/src/components/Root/constants.d.ts diff --git a/core/index.d.ts b/core/index.d.ts index bfa235e..8b4dfd4 100644 --- a/core/index.d.ts +++ b/core/index.d.ts @@ -41,3 +41,5 @@ export const supportedNumberingSystems: any; export const userLocaleConfig: any; export const queryLimit: any; export const init: any; + +export * as RTR_CONSTANTS from './src/components/Root/constants'; diff --git a/core/src/components/Root/constants.d.ts b/core/src/components/Root/constants.d.ts new file mode 100644 index 0000000..8ce92ad --- /dev/null +++ b/core/src/components/Root/constants.d.ts @@ -0,0 +1,69 @@ +/** dispatched during RTR when it is successful */ +export const RTR_SUCCESS_EVENT: string; + +/** dispatched during RTR if RTR itself fails */ +export const RTR_ERROR_EVENT: string; + +/** dispatched by ui-developer to force a token rotation */ +export const RTR_FORCE_REFRESH_EVENT: string; + +/** + * dispatched if the session is idle (without activity) for too long + */ +export const RTR_TIMEOUT_EVENT: string; + +/** BroadcastChannel for cross-window activity pings */ +export const RTR_ACTIVITY_CHANNEL: string; + +/** + * how much of an AT's lifespan can elapse before it is considered expired. + * overridden in stripes.config.js::config.rtr.rotationIntervalFraction. + */ +export const RTR_AT_TTL_FRACTION: number; + +/** + * events that constitute "activity" and will prolong the session. + * overridden in stripes.config.js::config.rtr.activityEvents. + */ +export const RTR_ACTIVITY_EVENTS: string[]; + +/** + * how long does an idle session last? + * When this interval elapses without activity, the session will end and + * the user will be signed out. This value must be shorter than the RT's TTL, + * otherwise the RT will expire while the session is still active, leading to + * a problem where the session appears to be active because the UI is available + * but the first action that makes and API request (which will fail with an + * RTR error) causes the session to end. + * + * overridden in stripes.configs.js::config.rtr.idleSessionTTL + * value must be a string parsable by ms() + */ +export const RTR_IDLE_SESSION_TTL: string; + +/** + * how long is the "keep working?" modal visible + * This interval describes how long the "keep working?" modal should be + * visible before the idle-session timer expires. For example, if + * RTR_IDLE_SESSION_TTL is set to "60m" and this value is set to "1m", + * then the modal will be displayed after 59 minutes of inactivity and + * be displayed for one minute. + * + * overridden in stripes.configs.js::config.rtr.idleModalTTL + * value must be a string parsable by ms() + */ +export const RTR_IDLE_MODAL_TTL: string; + +/** + * When resuming an existing session but there is no token-expiration + * data in the session, we can't properly schedule RTR. + * 1. the real expiration data is in the cookie, but it's HTTPOnly + * 2. the resume-session API endpoint, _self, doesn't include + * token-expiration data in its response + * 3. the session _should_ contain a value, but maybe the session + * was corrupt. + * Given the resume-session API call succeeded, we know the AT must have been + * valid at the time, so we punt and schedule rotation in the future by this + * (relatively short) interval. + */ +export const RTR_AT_EXPIRY_IF_UNKNOWN: string; From 3e8c82bd949c7b5799d6eba84bf3c70f731d519f Mon Sep 17 00:00:00 2001 From: Noah Overcash Date: Tue, 24 Sep 2024 20:36:53 -0400 Subject: [PATCH 4/4] update constants to match stcor --- core/src/components/Root/constants.d.ts | 38 ++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 4 deletions(-) diff --git a/core/src/components/Root/constants.d.ts b/core/src/components/Root/constants.d.ts index 8ce92ad..6f4f2e7 100644 --- a/core/src/components/Root/constants.d.ts +++ b/core/src/components/Root/constants.d.ts @@ -12,11 +12,33 @@ export const RTR_FORCE_REFRESH_EVENT: string; */ export const RTR_TIMEOUT_EVENT: string; +/** dispatched when the fixed-length session is about to end */ +export const RTR_FLS_WARNING_EVENT: string; + +/** dispatched when the fixed-length session ends */ +export const RTR_FLS_TIMEOUT_EVENT: string; + +/** + * how long is the FLS warning visible? + * When a fixed-length session expires, the session ends immediately and the + * user is forcibly logged out. This interval describes how much warning they + * get before the session ends. + * + * overridden in stripes.configs.js::config.rtr.fixedLengthSessionWarningTTL + * value must be a string parsable by ms() + */ +export const RTR_FLS_WARNING_TTL: string; + /** BroadcastChannel for cross-window activity pings */ export const RTR_ACTIVITY_CHANNEL: string; /** - * how much of an AT's lifespan can elapse before it is considered expired. + * how much of a token's lifespan can elapse before it is considered expired? + * For the AT, we want a very safe margin because we don't ever want to fall + * off the end of the AT since it would be a very misleading failure given + * the RT is still good at that point. Since rotation happens in the background + * (i.e. it isn't a user-visible feature), rotating early has no user-visible + * impact. * overridden in stripes.config.js::config.rtr.rotationIntervalFraction. */ export const RTR_AT_TTL_FRACTION: number; @@ -62,8 +84,16 @@ export const RTR_IDLE_MODAL_TTL: string; * token-expiration data in its response * 3. the session _should_ contain a value, but maybe the session * was corrupt. - * Given the resume-session API call succeeded, we know the AT must have been - * valid at the time, so we punt and schedule rotation in the future by this - * (relatively short) interval. + * Given the resume-session API call succeeded, we know the tokens were valid + * at the time so we punt and schedule rotation in the very near future because + * the rotation-response _will_ contain token-expiration values we can use to + * replace these. */ export const RTR_AT_EXPIRY_IF_UNKNOWN: string; +export const RTR_RT_EXPIRY_IF_UNKNOWN: string; + +/** + * To account for minor delays between events (such as cookie expiration and API calls), + * this is a small amount of time to wait so the proper order can be ensured if they happen simultaneously. + */ +export const RTR_TIME_MARGIN_IN_MS: number;